[ale] OT: MS disabling features and changing old standards.

Jason Day jasonday at worldnet.att.net
Sun Feb 15 14:15:55 EST 2004


On Sun, Feb 15, 2004 at 12:24:08PM -0500, Adrin wrote:
> Has anyone noticed that another
> recent update also took out http://username:password@www.website.com?

Yes, this is because of all the phishing scams which exploit this.
This was posted to bugtraq a few weeks ago, more info is here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

It's also interesting to note that, despite the fact that many browsers
support this URL syntax, it's not valid according to the RFCs, as
pointed out in this message:

http://www.securityfocus.com/archive/1/352429/2004-01-29/2004-02-04/0

-- 
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net
 
"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9
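
The check below is an added example, not part of the original message: it scans text for http(s) URLs carrying a userinfo part (the `username:password@` form discussed above) and reports the text shown before the `@` next to the host a client would actually contact. The function names and the sample message, with its example hosts, are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Loose matcher for http(s) URLs embedded in free text (mail body, chat log).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def userinfo_finding(url):
    """Return None if the URL has no userinfo part, else a dict describing it."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
        return None
    # Everything before the LAST '@' in the authority is userinfo, not the host.
    userinfo = parts.netloc.rpartition("@")[0]
    shown = userinfo.split(":", 1)[0]
    return {
        "url": url,
        "shown_before_at": shown,          # what a reader sees first
        "real_host": parts.hostname,       # where the request really goes
        "looks_like_hostname": "." in shown,
    }


def scan_text(text):
    """Collect findings for every http(s) URL with userinfo found in text."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")   # drop trailing sentence punctuation
        finding = userinfo_finding(url)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample message; hosts use reserved example names and addresses.
SAMPLE = (
    "Please verify your account at "
    "http://www.bank.example:secure@192.0.2.10/login.html today.\n"
    "Our real site is https://www.bank.example/help, mail support@bank.example.\n"
    "Old bookmark: http://alice:s3cret@intranet.example/\n"
)

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        flag = "SUSPICIOUS" if f["looks_like_hostname"] else "credentials in URL"
        print(f"{flag}: shows {f['shown_before_at']!r}, goes to {f['real_host']!r}")
```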
